is there a program that can scan a Linux hard disk looking for vulnerable web apps?
February 1, 2005 12:17 PM Subscribe
LinuxAdminFilter: is there a program that can scan a server hard disk looking for vulnerable web apps? [more inside]
I have a dedicated server with several users and I want to make sure they are not running vulnerable versions of gallery, for example.
You could say that I'm looking for some kind of "antivirus-like" scanner that can look for known files identifying popular webapps that have known vulnerabilities and create a report.
I don't want an external scanner, I don't care about open ports, all I care is about cgi scripts and php pages.
I have a dedicated server with several users and I want to make sure they are not running vulnerable versions of gallery, for example.
You could say that I'm looking for some kind of "antivirus-like" scanner that can look for known files identifying popular webapps that have known vulnerabilities and create a report.
I don't want an external scanner, I don't care about open ports, all I care is about cgi scripts and php pages.
I think Nessus will do this, but it's an external scanner.
posted by tomierna at 12:42 PM on February 1, 2005
posted by tomierna at 12:42 PM on February 1, 2005
If Nessus can detect well known vulnerabilities in web apps, I don't think sd's limitation applies--I get the impression he means he just doesn't want a port scanner, which wouldn't be any good for that sort of thing anyways.
Other than that, though, furtive is right, nobody's made one of those yet. Too many web apps, too many versions of each, so little time.
The best way to do that, if Nessus fails, is to search for well known ID strings of known-vulnerable versions of as many apps as you can think of. I guess that's what such a script would do, heh.
Certainly, searching for the vulnerabilities themselves would be nigh-impossible, so the best you can do is to know that verison X of software Y is bad and to look for an install of it.
posted by cyrusdogstar at 12:58 PM on February 1, 2005
Other than that, though, furtive is right, nobody's made one of those yet. Too many web apps, too many versions of each, so little time.
The best way to do that, if Nessus fails, is to search for well known ID strings of known-vulnerable versions of as many apps as you can think of. I guess that's what such a script would do, heh.
Certainly, searching for the vulnerabilities themselves would be nigh-impossible, so the best you can do is to know that verison X of software Y is bad and to look for an install of it.
posted by cyrusdogstar at 12:58 PM on February 1, 2005
As suggested Nessus does have a vulnerability database that should check for known vulnerabilities( ie gallery or phpbb ). I think it also attempts to check common XSS probabilities. cgichk will do some checking of a few known "interesting" cgi scripts, plus a few common httpd bugs. If you know how XSS attacks go down you can get hardcore and audit( by hand ) those webapps you are concerned about using this cheat sheet.
posted by mnology at 1:39 PM on February 1, 2005
posted by mnology at 1:39 PM on February 1, 2005
RPVS aka Remote PHP Vulnerability Scanner
screenshot
binary
It's windows specific so I haven't ran it, but I've used similar apps to scan for vulnerabilities in installed web applications. No idea what you meant by an internal scanner - do you mean using find(1) or something, cause the best way to do this is going to be via HTTP.
You might also want to check out mod_security to provide an additional layer of defense against badly written web applications.
posted by jperkins at 2:07 PM on February 1, 2005
screenshot
binary
It's windows specific so I haven't ran it, but I've used similar apps to scan for vulnerabilities in installed web applications. No idea what you meant by an internal scanner - do you mean using find(1) or something, cause the best way to do this is going to be via HTTP.
You might also want to check out mod_security to provide an additional layer of defense against badly written web applications.
posted by jperkins at 2:07 PM on February 1, 2005
You might be better off running apache in a chroot jail. You could scan for known vulnerable apps all day and still not catch the person who writes a Perl CGI script:
print qx( $cgi->param("q") );
posted by Plutor at 4:10 PM on February 1, 2005
print qx( $cgi->param("q") );
posted by Plutor at 4:10 PM on February 1, 2005
This thread is closed to new comments.
posted by furtive at 12:21 PM on February 1, 2005